[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Making crypto use widespread



One thing that's become apparent is that *convenience* is
all important.   If we made PGP much more convenient to
use, by integrating it seamlessly into our common offline mailers,
then folks would stop complaining about receiving encrypted
messages of a trivial nature, they would be much more
likely to sign their message, etc.  Getting the basic
functionality is only half the battle -- the other half is
making it so that the effort put into using it is less
costly than the value of most uses, which for most single
messages is slim.   Furthermore, we won't find the most
valuable uses until we've climed the learning curve by
massive experimentation with this software.  Small user
learning curves and low usage cost means convenience,
convenience, convenience.  Convenience is utterly
necessary to make crypto traffic mushroom.

Compare Nate Sammon's web page interface to the remailers
to the shell script interface (much less try to do the
encryption & nesting by hand) -- it makes all the difference
in the world!  Only one easily fixed problem there -- Nate's
remailer doesn't say whether it's doing the nested
encryption or mailing plaintext!  That one flaw, perhaps
just a tiny oversight, makes a system with almost nearly
perfect convenience much less user freindly.
(If it's really not encrypting that's a much bigger flaw,
but also correctable).  If folks fixed that flaw and
widely deployed Nate's server, remailer usage would 
mushroom, and we would have enough traffic to mix it up 
without long delays.

Why has Magic Money failed to take off?  It's very 
incovenient.  Far too much of the protocol is left
to the users to perform manually, and the command
line options as an interface are far too arcane, with
few affordances or strong clues as to the current state
of the protocol, or what action to take next.

This isn't a flaw in way Magic Money has implemented digital
cash protocols, it simply means that the software from the
point of view of users is incomplete -- soembody needs
to write a friendly client on top of the autoclient, and
a seamless anonymous messaging system between customer, vendor,
and bank.  This would make a huge difference in how many people are
willing to play with, and eventually use, the system.

Incidentally, Eudora developers told me at Internet World that they
plan to provide GUI hooks for PGP and PEM in a release due out
in late '94 or early '95.  This is easy for them to do, they 
just haven't considered it a high priority.  It is just not that 
hard for vendors to integrate encryption if they have customers
telling them that's what they want.  We as customers need to 
speak out to our software vendors and let them know what we want.
This is at least as important as political activism, probably
moreso.